# HG changeset patch
# User Mads Kiilerich
# Date 1428370205 -7200
# Node ID 569199be3475adc708a8f33b6660405113b816ed
# Parent aef21d16a262b8b5aecd33af79b6aef05a18c4a4
javascript: provide secure_form compatible_authentication_token in all AJAX POSTs _authentication_token is introduced as a global javascript variable. That seems less ugly than passing it through as parameter everywhere ... and the token really _is_ a global thing.
diff -r aef21d16a262 -r 569199be3475 kallithea/lib/helpers.py
--- a/kallithea/lib/helpers.py Fri Mar 27 16:25:27 2015 +0100
+++ b/kallithea/lib/helpers.py Tue Apr 07 03:30:05 2015 +0200
@@ -43,7 +43,7 @@
 js_obfuscate, mail_to, strip_links, strip_tags, tag_re
 from webhelpers.number import format_byte_size, format_bit_size
 from webhelpers.pylonslib import Flash as _Flash
-from webhelpers.pylonslib.secure_form import secure_form as form
+from webhelpers.pylonslib.secure_form import secure_form as form, authentication_token
 from webhelpers.text import chop_at, collapse, convert_accented_entities, \
 convert_misc_entities, lchop, plural, rchop, remove_formatting, \
 replace_whitespace, urlify, truncate, wrap_paragraphs
diff -r aef21d16a262 -r 569199be3475 kallithea/public/js/base.js
--- a/kallithea/public/js/base.js Fri Mar 27 16:25:27 2015 +0100
+++ b/kallithea/public/js/base.js Tue Apr 07 03:30:05 2015 +0200
@@ -391,6 +391,7 @@
 };
 var ajaxPOST = function(url, postData, success, failure) {
+ postData['_authentication_token'] = _authentication_token;
 var postData = _toQueryString(postData);
 if(failure === undefined) {
 failure = function(jqXHR, textStatus, errorThrown) {
@@ -460,6 +461,7 @@
 var toggleFollowingRepo = function(target, follows_repo_id){
 var args = 'follows_repo_id=' + follows_repo_id;
+ args += '&_authentication_token=' + _authentication_token;
 $.post(TOGGLE_FOLLOW_URL, args, function(data){
 _onSuccessFollow(target);
 });
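Review bot: The added line in ajaxPOST writes `_authentication_token` straight onto the caller's `postData` object, so the caller's object is mutated and a call that omits `postData` would throw on this line before any request is made. Copying first avoids both, e.g. `postData = $.extend({}, postData, {_authentication_token: _authentication_token});` ahead of the `_toQueryString` call. The helper also attaches the token to whatever `url` it is handed, so a comment stating that ajaxPOST must only be used with same-origin URLs would keep the token from being sent to another host by a later caller. The body of ajaxPOST continues outside the hunk.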
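Review bot: In toggleFollowingRepo the token is appended to a hand-built query string without `encodeURIComponent`, and showRepoSize in the next hunk builds `args` the same way. That is safe only while the token never contains `&`, `=`, `+` or `%`, and the token format is not visible in this patch. Passing an object lets jQuery do the encoding: `$.post(TOGGLE_FOLLOW_URL, {follows_repo_id: follows_repo_id, _authentication_token: _authentication_token}, ...)`. The field name is also repeated as a string literal in three places in base.js; one constant defined next to the global would keep them in step with the name the server checks.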
@@ -467,7 +469,7 @@
 };
 var showRepoSize = function(target, repo_name){
- var args = '';
+ var args = '_authentication_token=' + _authentication_token;
 if(!$("#" + target).hasClass('loaded')){
 $("#" + target).html(_TM['Loading ...']);
diff -r aef21d16a262 -r 569199be3475 kallithea/templates/base/root.html
--- a/kallithea/templates/base/root.html Fri Mar 27 16:25:27 2015 +0100
+++ b/kallithea/templates/base/root.html Tue Apr 07 03:30:05 2015 +0200
@@ -55,6 +55,8 @@
 %if hasattr(c, 'repo_name'):
 var REPO_NAME = "${c.repo_name}";
 %endif
+
+ var _authentication_token = "${h.authentication_token()}";